Devopsn the Operating System John Willis Director of Ecosystem - PowerPoint PPT Presentation

Devops’n the Operating System John Willis 
 Director of Ecosystem Development Docker, Inc. 


@botchagalupe • a.k.a. John Willis • 35 Years in IT Operations • Exxon, Canonical, Chef, Enstratius, Socketplane • Devopsdays Core Organizer • 35 Official Devopsdays • Devopscafe on iTunes • Organizer of Devops Enterprise Summit

Devops Devops is a movement motivated to turn human capital into high performance organizational capital.

First Generation Configuration Management Tivoli - Configuration Manager BMC - Bladelogic HP - Opsware

Operations is a competitive advantage… (Secret Sauce for Startups!)

Second Generation Configuration Management Cfengine Puppet Chef

History of Virtualization • IBM 360/370 (1960/1970) • CHROOT - Version 7 Unix 1979 (Bell Labs) and BSD in 1982 (Berkley) • VMware (1998) • FreeBSD Jails 2000 • XEN 2003 • Solaris Zones 2004 • OpenVZ 2005 • Amazon Web Services 2006 • BTRFS (Oracle) 2007 • Namespaces 2007 • Cgroups (Google) 2007 • KVM 2007 • AIX LPARS (IBM) 2007 • Drawbridge (2008) • Hyper-V (2008) • Linux Containers - LXC (Parelles, IBM, Google) 2008 • Docker (Dotcloud Inc) 2013 • Rocket (Coreos) 2014 • Unikernels (2015)

Virtualization • Type 1 Virtualization • VMware ESX, XEN, Hyper-V • (indirectly Amazon, Rackspace, etc..) 
 • Type 2 Virtualization • KVM, Virtualbox, QEMU, VMware Workstation • (indirectly Vagrant) 
 • OS Level Virtualization • OpenVZ, LXC, Docker

http://www.slideshare.net/BodenRussell/realizing-linux-containerslxc

Why OS Level Virtualization • Provision in milliseconds • Near bare metal runtime performance • VM-like agility – it’s still “virtualization” • Lightweight – Just enough Operating System (JeOS) • Supported with modern Linux kernel • Growing in popularity

Introducing Containers Containerization uses the kernel on the host operating system to run multiple root file systems • Each root file system is called a container • Each container also has its own – Processes – Memory – Devices – Network stack 16

Docker? • Isolation • Lightweight • Simplicity • Workflow • Community

http://www.slideshare.net/BodenRussell/realizing-linux-containerslxc

Docker and the Linux Kernel • Docker Engine is the program that enables containers to be distributed and run • Docker Engine uses Linux Kernel namespaces and control groups • Namespaces give us the isolated workspace 19

Docker Client and Daemon • Client / Server architecture • Client takes user inputs and sends them to the daemon • Daemon runs and distributes containers • Client and daemon can run on Client the same host or on different hosts • CLI client and GUI (Kitematic) 20

Understanding image layers • An image is a collection of files and some meta data • Images are comprised of multiple layers • A layer is also just another image • Each image contains software you want to run • Every image contains a base layer • Docker uses a copy on write system • Layers are read only • COW/Union Filesystems (AUFS/BTRFS) 21

Dockerfile Examples

Dockerfile Examples

Socketplane Example

Docker and Windows • Azure 
 • Azure Container Service • Swarm Integration • Windows Server 2016 
 • Windows Server Containers • Hyper-V Containers

Immutable Infrastructure @bglpe

Immutable Matters “The least-cost way to ensure that the behavior of any two hosts will remain completely identical is always to implement the same changes in the same order on both hosts.”

Management Methods • Divergence • Convergence • Congruence

Immutable Delivery

Immutable Delivery

Immutable Infrastructure

Serverless • AWS Lambda • Azure Functions • Google Cloud Functions • Unikernels

Enter Unikernels Unikernels are specialized virtual machine images complied from the modular stack of application code, system libraries and configuration.

Enter Unikernels

Unikernels

Unikernels https://queue.acm.org/detail.cfm?id=2566628

Unikernels http://rumpkernel.org/

Why Unikernels • Performance • user-kernel context switches • instantiation times • Memory footprint • Security • less attack surface • No known architecture patterns • Fine-grained optimisation • as unikernels are constructed through a coherent compiler tool-chain, whole-system optimisation can be carried out across device drivers and application logic, potentially improving specialisation further

Enter Unikernels Part of this is a numbers game – to run a reasonable system you might need to run 50 different services, and install 200 packages on every host. An attacker has to compromise just one of those to win - Gareth Rushgrove

Unikernel Examples • DNS Server 446 KB • Web Server 674 KB • OVS Switch 393 KB • NTP server un-hacked for over a year • Docker for Mac/Windows

Unikernel Opportunities • Composition and Orchestration • Logging and Monitoring • Networking • Debugging • Forces Immutability

Unikernels

john.willis@docker.com @botchagalupe http://ow.ly/Xt2ro